New HSBC and Barclays bank XSS and open redirect bugs

Written by DP

Friday, 29 May 2009

*UPDATED 03/06/2009* - A fresh batch of critical cross-site scripting and open redirect vulnerabilities was added today to the archive. The following independent security researchers are credited with the discovery: PaPPy, Airrox, Xylitol, WwW.TRLink.NET, TurkPoweR, Skyr3x, Pierre Gardenat, Agd_Scorp, Mystick and Hexspirit.

Malicious people can exploit these bugs to conduct phishing attacks and infect bank customers and site visitors with crimeware.

HSBC: XSS * XSS * XSS * XSS * XSS * Open frame redirect * XSS * XSS Open redirect XSS XSS XSS XSS XSS XSS XSS

BARCLAYS: XSS * XSS * XSS * XSS XSS Open redirect


HSBC and Barclays bank have been XSSed in the past.

We hope that they resolve these issues as soon as possible.

Related News:
-HSBC web sites are open to critical XSS attacks. Warning to customers! - 21 June 2008
-Two critical XSS bugs on Barclays bank website - 3 May 2009
-Barclays XSS vulnerability comes handy for scammers and blackhat hackers - 11 May 2008
-Plague of web bugs descend on British sites - The Register - Dan Goodin - 1 Jun 2009
-HSBC, Barclays and The Telegraph sites were found vulnerable to cyber fraud - Ecommerce Journal - Petrony - 2 Jun 2009
